CVE-2026-25516 Overview
CVE-2026-25516 is a Cross-Site Scripting (XSS) vulnerability in NiceGUI, a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged, meaning that if an application renders user-controlled content through ui.markdown(), an attacker can inject malicious HTML containing JavaScript event handlers. Unlike other NiceGUI components that render HTML (ui.html(), ui.chat_message(), ui.interactive_image()), the ui.markdown() component does not provide or require a sanitize parameter, leaving applications vulnerable to XSS attacks.
Critical Impact
Applications using NiceGUI's ui.markdown() component to render user-controlled content are vulnerable to XSS attacks, potentially allowing attackers to steal session tokens, perform actions on behalf of users, or redirect victims to malicious sites.
Affected Products
- NiceGUI versions prior to 3.7.0
- Applications using ui.markdown() to render user-controlled content
Discovery Timeline
- 2026-02-06 - CVE-2026-25516 published to NVD
- 2026-02-09 - Last updated in NVD database
Technical Details for CVE-2026-25516
Vulnerability Analysis
This vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation) stems from inconsistent sanitization practices within the NiceGUI framework. While several HTML-rendering components like ui.html(), ui.chat_message(), and ui.interactive_image() include a sanitize parameter to protect against XSS attacks, the ui.markdown() component lacks this security control.
The markdown2 library, used by NiceGUI to convert markdown to HTML, preserves raw HTML by default. When this converted content is rendered using innerHTML without sanitization, any embedded JavaScript event handlers execute in the user's browser context.
Root Cause
The root cause is the absence of HTML sanitization in the ui.markdown() component's rendering pipeline. While other NiceGUI components implement sanitization options, ui.markdown() was implemented without this security control, creating an inconsistent security posture within the framework.
Attack Vector
An attacker can exploit this vulnerability by submitting markdown content containing malicious HTML with JavaScript event handlers. When a victim views this content through an application using ui.markdown(), the unsanitized HTML is rendered, and the JavaScript executes in their browser context.
Example attack payloads could include HTML elements with onerror, onload, or onclick event handlers embedded within markdown content. The attack requires user interaction (viewing the malicious content) and occurs over the network.
# Security patch in extract_core_libraries.py - Merge commit from fork
# Source: https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561
STATIC / 'unocss' / 'preset-wind3.global.js')
shutil.copy2(NODE_MODULES / '@unocss' / 'runtime' / 'preset-wind4.global.js',
STATIC / 'unocss' / 'preset-wind4.global.js')
+
+_minify_js(NODE_MODULES / 'dompurify' / 'dist' / 'purify.es.mjs', STATIC / 'dompurify.mjs')
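Review bot: this hunk only vendors the DOMPurify bundle into the static assets (`_minify_js(NODE_MODULES / 'dompurify' / 'dist' / 'purify.es.mjs', STATIC / 'dompurify.mjs')`); the call that passes ui.markdown()'s rendered HTML through DOMPurify before it reaches innerHTML is not in this excerpt, so confirm the companion component change is part of the same commit and that the dompurify package is pinned in the project's dependency manifest, since an unpinned sanitizer version changes the shipped security behaviour on every rebuild.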
The fix introduces DOMPurify, a well-known sanitization library, to sanitize markdown-rendered HTML before it is inserted into the DOM.
Detection Methods for CVE-2026-25516
Indicators of Compromise
- Review application logs for suspicious markdown submissions containing HTML tags with event handlers (e.g., onerror, onload, onclick)
- Monitor for unexpected JavaScript execution or unusual network requests from client browsers
- Check for user-submitted content containing raw HTML within markdown fields
- Look for encoded JavaScript payloads within markdown input fields
Detection Strategies
- Implement Content Security Policy (CSP) headers to detect and block inline script execution
- Deploy Web Application Firewall (WAF) rules to detect HTML injection attempts in markdown fields
- Use browser-based XSS auditing tools during security testing
- Monitor client-side errors and unexpected script execution events
Monitoring Recommendations
- Enable detailed logging for all markdown content submissions
- Set up alerts for HTML tags in user-submitted markdown content
- Monitor for CSP violation reports indicating potential XSS attempts
- Track unusual user session behavior that might indicate session hijacking
How to Mitigate CVE-2026-25516
Immediate Actions Required
- Upgrade NiceGUI to version 3.7.0 or later immediately
- Audit existing applications for any use of ui.markdown() with user-controlled content
- Implement server-side input sanitization as an additional defense layer
- Deploy Content Security Policy headers to mitigate XSS impact
Patch Information
The vulnerability is fixed in NiceGUI version 3.7.0. The patch introduces DOMPurify integration to sanitize HTML content before rendering. For detailed patch information, see the GitHub Security Advisory GHSA-v82v-c5x8-w282 and the commit f1f7533.
Workarounds
- Avoid rendering user-controlled content through ui.markdown() until the patch is applied
- Implement server-side HTML sanitization using libraries like bleach before passing content to ui.markdown()
- Use alternative NiceGUI components with sanitization support (e.g., ui.html() with sanitize=True)
- Apply strict Content Security Policy headers to limit the impact of any XSS exploitation
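Added example (not NiceGUI's, markdown2's or bleach's code) that serves both the detection items above (alerting on raw HTML with event handlers in submitted markdown) and the server-side workaround listed here; it uses only the Python standard library, and the flagged tag names, URL schemes and the sample submission are assumptions constructed for the illustration:

```python
from html.parser import HTMLParser

# Flagged tag names and URL schemes are an assumption for this illustration;
# event-handler attributes are matched by their "on" prefix, as in the advisory.
BLOCKED_TAGS = {"script", "iframe", "object", "embed", "style"}
URL_ATTRS = {"href", "src", "action", "formaction"}
BLOCKED_SCHEMES = ("javascript:", "vbscript:", "data:")


class RawHtmlAuditor(HTMLParser):
    """Records raw HTML constructs found in a markdown submission."""
    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag, attrs):
        # The raw text is scanned, so HTML inside markdown code spans is
        # reported too: treat hits as alerts to review, not proof of abuse.
        if tag in BLOCKED_TAGS:
            self.findings.append(f"blocked tag <{tag}>")
        for name, value in attrs:
            lname = name.lower()
            if lname.startswith("on"):
                self.findings.append(f"event handler {lname} on <{tag}>")
            elif lname in URL_ATTRS and value:
                # Collapse whitespace so spaced-out scheme names are still caught.
                if "".join(value.split()).lower().startswith(BLOCKED_SCHEMES):
                    self.findings.append(f"{lname} with blocked scheme on <{tag}>")


def audit_markdown(text: str) -> list[str]:
    """Return findings for a submission; an empty list means nothing flagged."""
    auditor = RawHtmlAuditor()
    auditor.feed(text)
    auditor.close()
    return auditor.findings


def neutralize_markdown(text: str) -> str:
    """Interim workaround before ui.markdown(): escape '<' so markdown2 emits
    raw HTML as literal text. '>' is left alone so blockquotes still work;
    the trade-off is that legitimate inline HTML is shown verbatim too."""
    return text.replace("<", "&lt;")


# Constructed sample submission mixing ordinary markdown with raw HTML.
SAMPLE_SUBMISSION = (
    "Looks *fine* to me.\n"
    '<img src="x" onerror="alert(1)">\n'
    '<a href="javascript:alert(1)">link</a>\n'
)
```

Run audit_markdown() on each submission for the alerting path, and pass the output of neutralize_markdown() to ui.markdown() as a stopgap until the 3.7.0 upgrade is deployed.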
# Configuration example - Upgrade NiceGUI to patched version
# (the version specifier is quoted so the shell does not treat '>=' as a redirection)
pip install --upgrade 'nicegui>=3.7.0'
# Verify installed version
pip show nicegui | grep Version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

